Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Mad Hamster writes "Boy Genius Report points out that the HTC Droid Incredible, using the Sense UI, 'will periodically store screenshots of the contents of your web browser.' These shots are stored in such a way that they are not easily deleted. 'They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset,' though there is a way to delete them manually."

Passwords appear as ***** so no worry there, but the screencaps might show a thief (or unscrupulous friend) that you've been surfing porn, or looking at photos of your sexy wife. "Wow. Mrs. Stiffler is hot."

Except for the fact that as you're typing them in, they show
each letter for a second or so then it becomes an asterisk. Say somebody
uses the same password for a number of sites and you're unlucky
enough that a screen cap was taken at various times showing the
different letters...

What are you suggesting it is? A plot by HTC to somehow retrieve private data from its customers? Seems pretty far fetched to me, and it is quite a leap from the evidence presented here. I think occam's razor suggests this is a mistake. Not a small one, but I can't see that it is anything else.

What about a way to obtain proof of child pornography possesion? Or proof of browsing undesirable web sites? Or proof of... whatever the masters might want to prosecute you for? Far fetched, but not impossible and a conspiracy theory is just a theory until it is proved.

I find myself contrasting the response Microsoft would get if they left something similar on Windows Mobile, and the response Android gets. Although there are a few folks in here with a bit more pessimism, the bulk seem to be willing to assume it's just a 'simple mistake'.

I'll venture a guess: I have noticed on my HTC Incredible that the built-in browser displays a small graphical thumbnail of my bookmarked sites, presumably as a user interface enhancement. When scrolling through my bookmarks, I can see a picture of what the page looked like the last time I visited it. My guess is that these pictures are stored and used to generate those thumbnails.

If that is truly the usage, I have no issues whatsoever with the practice. If those pictures are leaving my phone, however, then this is really unacceptable.

maybe a better practice would be to store a thumbnail size image of the screenshot. Then you would gain 2 things. You wouldn't be taking up as much space. You would probably be saving it in an illegible form (barring any CSI style investigation). You would recognize the thumbnail, but couldn't actually read words like ssn, password, or credit card numbers.

Off topic: Does anyone know the location of those stored pics, because everytime I change roms on my Android phone and restore it. That is the one thing that Google Backup does not restore is the pics.

So I take it these pics are deleted or just stored locally, but where (System/data ?)

To me, the obvious answer is, that someone wants to look at what I’m doing. Which can not ever possibly be a good thing. Ever. Because it’s always a breach of trust and privacy.I mean the fact that they aren’t even deleted after a factory reset really gives it away, plain as day.And I bet the screenshots aren’t random at all.

the/emmc/ folder that's present on some Android devices (including the incredible) is a mount point for the internal eMMC storage. it's a bus for a type of embedded flash memory (like SDHC for removable cards).

when there's no SD card, the phone might choose to use this embedded storage (or might choose to use it for other reasons).. it's not really the same as the "internal storage" (which is wiped in a factory reset).

this is a simple oversight on the part of HTC and/or the Android team - not making it more obvious, on devices that have eMMC (very few models of which exist yet), that this is another persistent area of storage that needs to be treated like the SD card when it comes to privacy concerns.

there is no conspiracy here, just innocent mistakes in a massive contribution-driven software project.

They remain even after a factory reset, which is a little concerning. TFA mentions they found screenshots of everything from their Facebook page to the bank website and everything in between, probably not enough to steal your money or your accounts but still enough to track your activity on the web. If you're doing anything on your HTC phone that you'd rather not have other people (informed, ambitious, and already suspicious people at least) find out about then yes it should concern you a bit.

It doesn't bother me that you're wrong (at least according to the article), honest mistake and all, but it does bother me that you're modded up for it.

They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset. The JPEG files are saved to a folder named.bookmark_thumb1 which is located within the emmc folder of the phones internal storage (so you would expect a full factory reset to delete them).

You've got a good point - which is why I've tried it without my SD card inserted. You can make new bookmarks, but it won't store an image. The image it does show is a picture of an SD card with a '?' next to it. Similar for any images of history items. It will try to use cached images when possible, so clear that and you'll see what I have. (I hope)

Then you'd be out $100. I'm even posting from the phone... now there's now way I could collect nor is there any evidence I could give you that you'd take. The screen cap that BGR is using is even from the external SD. Drive h: is the default letter for external SD. I'm not the only one saying this.

Are they ever read? Sent anywhere? Are they permanent (always taking up space), or are they rotated out?

Is there any particular reason I should care?

They're used to make thumbnails for bookmarked pages (and maybe frequently-visited in some versions, I don't have access to >2.1 now.)

This is exactly like the start page in Chrome, where it shows thumbs of recent pages.. they're at an infinitely small resolution. The entire screen on the EVO is only 480x800px wide, and they cram like a 9-thumb grid in 50% of the screen.

if you are one of a hundret selling android devices you need something to be distinguished with from the others. So they add on their on UI so customers see it as a better android handset as the ones from other manufacturers. If you submitt it back to android then all will eventually have it and you are just one in the android soup again....

An unmodified, unrestricted Android OS phone would be a selling point in and of itself.

There is, http://en.wikipedia.org/wiki/Android_Dev_Phone [wikipedia.org] - you can buy it directly from Google. Sign up as an Android developer for $25 (one-time fee that gets you access to submit apps for the Market, required to purchase the phone unfortunately). The latest version of the phone is actually just a completely unlocked HTC Magic; it costs $399 from Google (no contract subsidy here obviously.)

If you're interested in a "solution" (only workable to tech savvy folk, really) for from-carrier devices you can pick

So they add on their on UI so customers see it as a better android handset as the ones from other manufacturers.

I guess if your customer's are complete idiots. Otherwise, you get
the experience I had when I was at a T-Mobile store yesterday. I
was looking at the new keyboarded version of the My3G and the interface
goo they layered on top of Android was just atrocious. Garish bubblegummy
looking colors and useless craptastic additions do not a superior
interface make. It's like the shit pc makers do

I don't really see what's wrong with Sense. I've got it on my EVO. It's fine. The screenshots are there to be shots for the bookmark applet. If you don't want them made you can just delete the folder they're being put in and created a text file with the same name on your sd card. Should HTC have made this feature more clear and given a way to disable it, yes. But it's not the bloody end of the world and there's nothing wrong with Sense. Maybe you don't like it but I do and oddly it seems quite a lot

The whole point of Android being open is so people can build on top of it. If you don't want vendor modified UIs and OS builds, go get an iPhone or root your phone. If people are so short sighted as to not realize that the "fragmentation" is a strength not a weakness of Android that's their own problem.

I just got an EVO and shut off Sense on my second or third day. A few days later I turned it back on. It looks a lot better than stock. I love the "phone" button at the bottom and the plus button on the right. Some of the widgets are Sense-only like the 4G on/off button. IMHO, the stock android looks cheap. I'd love to see Sense or a Sense-like UI put into the stock Android distribution.

Simple: All these years of WinMo pressed their brains into a mold of insanity. And after taking off the mold, they kept the form.It’s like freeing an animal that has lived in captivity all its life. It won’t survive for long as it has no idea what to do with all that freedom.

Probably not. No root or su for you on all Android stock ROMs (except for the G1 RC29/RC8), so you can't chmod a lot of folders. Though you might be able to slip the SD card (it MUST be the SDC that is getting these images) into another machine and do it there, but then I bet it interferes with something else, and you're hosed.

When root is cracked for this, then I suspect custom ROMs will solve the problem, if they even support Sense.

You can just mount the sd card over usb on your computer and do it from there. You have no layers, its just a usb block device (the phone unmounts the sd card and just passes it through to the computer).

From what other people are saying, the directory in question is on the microSD card, which (idiotically) is required to be Microsoft's "FAT32" format...so permissions are not really settable. (You might be able to set the "read only" DOS flag, but I don't know if that'll have any effect.)

(Honestly, why not even UDF is an option instead of FAT32 I have no idea. It's not like the linux kernel - and every modern Windows and Mac OS - doesn't have the ability to support it.)

The HTC Hero has a bookmark widget that uses screenshots of the websites as the buttons with a small label underneath(which is the websites title text I think). Since these images are called bookmark_thumb, I'm going to propose it has something to do with that...

This is how the iPhone does its cool animated transitions. People threw a stink when that was first discovered, but I can't remember if Apple resolved it. I know a factory reset does work on the iPhone though:-)

Everyone is up in arms about how these remain after a factory reset. Well the boring and unsensational truth is that the images are stored on the SD card. Your music, pictures, and videos are not deleted with a factory reset either.

These images are stored under the guise of being used as thumbnails for bookmarks but it seems unlikely as those could be taken as needed. This whole thing is pretty sketchy.

That said, if you don't want any more images delete the directory where they are stored and create an empty file of the same name (same name as the directory). No more screenshots!

I've noticed that my HTC Desire (also with Sense UI) does a similar thing, except it stores the thumbnails in my SD card. (The factory reset won't touch SD cards.) Maybe it saves to internal memory when there's no SD card, but I have not checked.

So it's probably more of a feature with a failsafe (i.e. write to internal memory if no SD is there) that wasn't implemented correctly, and you can still delete the files manually anyway. No big deal for me, but it's enough for me to know in case I do dispose/res

The Droid Incredible has what is basically a hard soldered 8 GB SD card in addition to normal internal storage, and the external SD card. It is being written there (possibly only if there is no external SD card, I am unclear on that). As a result it is not being touched on a factory reset. HTC has customized the ROM on that phone in special ways to make the 8 GB internal memory look like regular internal memory. Factory reset would actually not work very well except for special code they wrote to delete thi

Correction. I slightly misunderstood the role of the internal storage. I know see that the 8GB chip (or 6 GB according to some sources) is indeed an internal SD card, but it is not actually treated specially. All normal user data is in the standard internal memory, and applications treat the 8GB or 6GB chip exactly like an SD card. No special code was written with regards to it. The idea was that apps are generally small, and any large amounts of data they store on the SD card, so keep the apps in real inte

If your phone got stolen, the thief would get access to your google account (if you've ever set it up) or your browser history in the first place. Those are things that you wouldn't have been able to delete at the point of theft. Even if you lock the phone -- a good enough thief whose purpose is to steal your data would have researched enough to know how to get it. So that supposed "security hole" is moot -- it's just a tiny thing compared to the other data the thief has already gotten hold of.

yes, it does store the screenshots... for the purpose of having them show up in the Sense UI bookmark widget.
on my Hero they are stored on the storage card, on the Incredible they are located on the on-board 6GB partition, http://www.androidcentral.com/htc-browser-bookmark-images-scare [androidcentral.com] explains it in greater detail

How is this different from what Safari does? As I recently discovered when someone gave me their old PC, clearing the cache (which the person did) does not get rid of the page images Safari creates. There were hundreds of them: news stories, many Google searches, emails being read and written, adult content. I imagine Safari creates the images for the frequently used wall it puts up when you create a new window or tab. However the images were the full page (top to bottom, not just a 4:3 thumbnail) and there were low resolution JPG's and full resolution PNG's. What Safari needs the full page, full resolution images for I can only guess. This was nine-ish months ago, so it may be different now.

Since in their hurried excitement TFA didn't report (or even ask) if this applied to other Android / Sense phones, I see them on my HTC Desire. Anyone using an Android phone without Sense (that is, any non-HTC made Android phone) willing to report? We're all assuming Sense, and it seems likely, but I've not seen any kind of confirmation.

The images aren't there to be sent back to HTC or whatever, they're just thumbnails for the fancypants UI. But there is an unintended security/privacy risk - that a malicious app could upload them, because apps can read anywhere on the SD card (if the app info says they can access the SD card, they can read all of it). OP is quite the dramatisation though, I read it to suggest shenanigans due to that folder being specifically and strangely excluded from the factory reset. That's not the case, the folder is on the SD card none of which is wiped on a factory reset - only the phone's storage is. If you're selling it with your phone (of any kind) you should know to also wipe the SD card.

Also, we don't know what the deletion policy is i.e. how much space they might eventually taking up, this is probably making a bit of an effort to imagine possibilities to complain about.

Another comment suggests "Can be fixed by deleting the folder.bookmark_thumb1 and create an empty txt file.bookmark_thumb1" (which, since being lackadaisical seems to be the in thing, I can't be bothered testing to confirm).

Only 144 Comments? Why isn't everyone losing their shit over thisOH I see, it's not about Apple. I stand corrected. Please move to the next Apple thread and begin your irrational bashing there. Thanks!

Apps only have permission to the data on their own section of the main memory by default. Even if they have access to your SD card then that doesn't give them permission to access other apps' private storage (unless they're from the same developer).

Unless that data is on the SD card, in which case it's not supposed to be erased by a factory reset.

The only error here is that there seems to be a bit of an undefined condition - apps caching temporary content to the SD card. There just needs to be a better mechanism to clear that stuff out. I think that would resolve this issue.

Troll.Has nothing to do with Google.The images are not sent anyplace... they live on the SD card and factory wipes don't format your SD card.It's all working as intended and the story might well be labeled a troll as well.

Besides, iPhones did this too.I don't see the fanboys running for the hills.

This is done by HTC's custom software, not by Android. Furthermore, there is no evidence that there is anything sinister going on. All this is, is that HTC made a silly choice when storing thumbnails for bookmarks.